arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-02-22 12:32:02 +00:00
Code Issues Releases Wiki Activity

Check that U2F key only uses hardened derivation (#139)

Browse Source 
We generate only U2F keys with hardened derivation.  However, we
didn't check incoming keys if they used hardened derivation.
This patch fixes this.
This commit is contained in:
Jochen Hoenicke 2017-01-10 21:51:57 +01:00 committed by Pavol Rusnak
parent cc01b86ab7
commit 1cceec0ae2
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
firmware/u2f.c
View File

@ -505,6 +505,12 @@ const HDNode *validateKeyHandle(const uint8_t app_id[], const uint8_t key_handle
uint32_t key_path[KEY_PATH_ENTRIES];
key_path[0] = U2F_KEY_PATH;
memcpy(&key_path[1], key_handle, KEY_PATH_LEN);
for (unsigned int i = 1; i < KEY_PATH_ENTRIES; i++) {
// check high bit for hardened keys
if (! (key_path[i] & 0x80000000)) {
return NULL;
}
}
const HDNode *node = getDerivedNode(key_path, KEY_PATH_ENTRIES);
if (!node)